If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Can't remove Win32.downloader.gen malware!

Recently, I ran Spybot and it found an infection with Win32.downloader.gen malware. After finding it, Spybot tried to remove it but couldn't. Then, Spybot
asked if I wanted to allow Spybot to run again when the computer restarts. I selected "yes" and once restarting, Spybot ran for several hours (with no other programs running) and again detected the malware. Once I selected "fix problem", it checked it off as if it was repaired. However, when I run the program again, it still finds it again and the whole sequence is repeated.

Potential source of the problem: Recently, I downloaded several audio codec files from download.cnet.com/windows/ and possibly this infected my computer.

I was running Spybot Search & Destroy version 1.6.2.46

Tashi asked me to post to this forum.

In the instructions, I was told to use ERUNT to back up my system registry.
Then, I was told to run the DDS log and below are the contents:

Ok we will do two things: First look in your add/remove programs panel and unninstall if present, the two items below. After both uninstalls are done reboot your machine.

Search Protect by conduit
MarketResearch

Next:

Please download AdwCleaner to your desktop.
Double click on AdwCleaner.exe, select OK, then Run
Click on Search
A logfile will automatically open after the scan has finished
Copy and paste the contents of the log file in your reply
You can also find the logfile at C:\AdwCleaner[R1].txt as well
Exit AdwCleaner with the X (close) button. click ok at the final prompt.

On a side note it looks like you have two AV running. Both MS Security Essentials and ZA Antivirus. Only need one active AV per machine. I would remove one of them via the add/remove programs panel then reboot.

Ok good. Run Adwcleaner again by clicking the search button. Close the log file that pops up since you already posted that then click on the delete button. Your machine will reboot and after it restarts a new log file will come up with all the deletions, copy post the new log file in your reply.

Also after the above rescan with DDS like you did before and post its log also:

Double click the tool to run it.
If a black Screen opens, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post. Please do not use code wrap.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

Can't remove Win32.downloader.gen malware!

Hey 'shelf life',

After running AdwCleaner, it posted the following message:
--------If you have been brought to use AdwCleaner, it’s probably because your PC contained potentially unwanted programs or adware
Potentially unwanted programs are often proposed during the installation of software. They may be present form of toolbars that sometimes change the home page of the browser and slow internet browsing
To avoid the installation of these programs polluting the computer, it is essential to follow these tips:
- Always download a program from the official link, or a trusted site
- When installing a program, do not click too fast [Next] without paying attention to Terms of Use and third-party programs available
- If third-party programs are available (toolbars, etc..), uncheck all checkboxes about him
- Enable detection of PUPs in your antivirus
You can also install Host Anti-PUP/Adware from AdwCleaner by clicking “?” and then “Download Hosts Anti-PUP/Adware”
---------------

What is a PUP? I currently am using ZoneAlarm Extreme Security, Malwarebytes Anti-Malware and Spybot Search and Destroy. Should I add any other protection?

A PUP (Potentially Unwanted Program) is a program that usually comes along as a add on to some other software. The default is to have it install for you unless you uncheck it. Toolbars are good examples. I have some examples on my web page, link in sig. Toolbars can be resource hogs as well as have privacy concerns.
Those 3 antimalware you have installed are plenty.
See if Spybot still flags Win32.downloader now.

Thanks for helping me remove Win32.downloader.gen malware!

Hey 'shelf life',

I just ran Spybot and it did NOT find anything this time! Thanks so much!

I have one more question, but I may have to ask ZoneAlarm. For some reason, I have not been able to run a browser with the ZoneAlarm Browser Virtualization protection "on". Supposedly, it "stops silent drive by web attacks from reaching the computer".

So if its off your browser functions ok? Is that normally something you would toggle off and on from your browser? Did your browser look any different after you ran Adwcleaner?
In IE check that any browser add ons are enabled.